Xavier & FakeToken: New Malware On The Block

This new malware is called Faketoken. Quoted here from the official page Kaspersky, Faketoken malware was already circulating in the Google Play Store since a year ago. This malware since evolved into something horrific.

When infecting an Android device, the malware will record all calls, intercept text messages, and then steal data from various apps installed on Android devices, including banking apps.

Folks may not realize that you already activated the malware on the Android device which you use. Kaspersky stated, “When this Trojan is active, it will hide its shortcut icon and then start monitoring all calls as well as which applications are used.”

This malware also has the ability to steal data from over a thousand apps, including from Android Pay,travel ticket app, Google Play Store, taxi, and hotel room. Although at the time of writing the new Faketoken targets Android users in Russia primarily, the malware makers may expand its malware circulation to other countries in the world.

Xavier – Trojan based malware

There is also another new malware that was reported by Trend Micro. Trend Micro has found a new malware Trojan that is quite troublesome. The security analysis identifies the malware as ‘ANDROIDOS_XAVIER.AXM’ or Xavier.

This is an ad library that quietly sends user data to a remote server. What makes matters worse is the method used to cover the trail and disguise its activity.

Firstly, the malware is embedded in relatively harmless apps, such as ringtone makers as well as photo editing apps. Most of these apps seem to come from Southeast Asia. Trend Micro has found over eight hundred different apps containing malicious software that has been downloaded millions of times from Google Play store.

The openness of the malicious code is used in applications, so applications easily escape store approval. However, after installing malware as the malicious code from the secret server, the attack will start to run. This action can be done without the user’s knowledge and/or consent. This malware is also able to install other nefarious files and can attack silently if your device was rooted.